Web analytics vendors walk a very fine line with regard to privacy. Third party tools collect almost any data that customers would like to forward to them. Customers can sometimes make mistakes and send information that their visitors would suggest is personally identifiable (as in this case with LiveJournal users).
Some important takeaways for me from the article:
Note 2: Vendor privacy policies are extremely important and must accurately reflect exactly what they say they will do with the data they collect.
"COPPA -- we completely respect the letter and spirit of COPPA (refresher). Again, we do not share personally identifiable information with [vendor] or enable [vendor] to collect it about any users, including those under 13. There are two types of under 13 users on LJ -- those whose parents have given us permission and those who have not and therefore can only view public pages but cannot use the application."
Note 3: This is serious business. Vendors must be very clear about privacy issues and regulations surrounding the data they collect. COPPA is just one example...there are many others.
Also, for sites that determine they collect sensitive data that seems inappropriate to send to a third party collection environment, they should investigate options to keep the data in-house.